Amazon linux: Change default ec2-user when creating an ami image

Question

Im trying to create an ami image using amazon linux distro with a custom user/pass. What I did (manaualy):

• Lunch an amazon instance using amazon linux ami
• login with user ec2-user
• Create a new user for example admin
• Change password for user admin
• Add user admin to wheel group: usermod -aG wheel admin
• Add user admin to sudoers file: sudo echo "admin ALL=NOPASSWD:ALL " > /etc/sudoers.d/admin
• Permit ssh user/pass login in /etc/sshd/sshd_config (PermitRootLogin yes )
• restart ssh service: /etc/init.d/ssh restart
• When I try to login with user admin - success. But when creating a new ami image and lunch new instance from the newly created ami, loging via user admin or ec2-user - Permission denied (publickey). What am I missing!!

Answer 1

The issue is that the EC2 service is not aware of your changes when you are launching the instance with the AMI you created. I found a solution for that problem using Cloud-Init which is built-in on Amazon Linux and other official AMIs as well, the complete tutorial can be found here: https://emagalha.es/blog/2018/01/21/customizing-the-default-user-of-an-ubuntu-ami/

In short, here is what you need to do:

1. Launch an instance with the Amazon Linux AMI placing the following lines in the user data field:

#cloud-config
system_info:
  default_user:
    name: admin

2. Connect to the instance using the admin user and create a file at /etc/cloud/cloud.cfg.d/defaults.cfg with the same contents of the user data file you used to launch the instance.

3. Shut down the instance and create the AMI

4. Enjoy!

You can also update the /etc/cloud/cloud.cfg.d/00_defaults.cfg inside the instance with the new username instead of creating a new file. I just like creating a new file to make the change more transparent, in any case, the choice is yours.